Bank for International Settlements publishes roadmap for migrating the financial system to quantum-safe cryptography

The Bank for International Settlements published a research paper that sets out a practical roadmap for “quantum-readiness” in the financial system, warning that future quantum computers could break widely used encryption and that preparation needs to start now. The paper frames the transition as a coordinated, multi-year overhaul of cryptographic infrastructure, with post-quantum cryptography (PQC) presented as the most deployable near-term option and quantum key distribution (QKD) as a longer-term technology that still faces infrastructure constraints. The roadmap stresses early internal awareness, governance and comprehensive cryptographic inventories, alongside system-wide coordination led by central banks and supervisors to avoid weak links across interconnected domestic and cross-border infrastructures. It highlights “harvest now, decrypt later” risks and notes expert expectations cited from the Global Risk Institute’s 2024 survey, where 27% anticipate a cryptographically relevant quantum computer within 10 years and 50% within 15 years. Migration challenges include performance and integration trade-offs and significantly larger keys and signatures versus today’s public-key cryptography, meaning PQC is not a drop-in replacement. The paper also points to dependencies such as widely used protocols and certificates, including that TLS 1.2 cannot be configured with post-quantum algorithms and that migration to TLS 1.3 is needed for quantum-safe support, and it references National Institute of Standards and Technology standardisation milestones for PQC and guidance indicating Rivest-Shamir-Adleman (RSA) deprecation after 2030 and disallowance after 2035.